An IT Forensic Expert, also sometimes known as a Forensics Expert or Forensic Engineer, is responsible for detecting, harvesting and then analysing all of the potential evidence of cyber crime from computers, networks and other associated information and IT equipment. This can include laptops, mobile phones and tablets, or other data storage processing devices.
In short, the role is that of a digital detective, piecing together the evidence that will likely be used to prove charges against criminals, hackers and other bad guys whoever and wherever they may be.
The evidence that is gathered would usually then be passed onto regulators and law enforcement bodies in order for them to be able to pursue criminal charges against any identified criminal attackers of the impacted organisation or individual.
The IT Forensics expert may also need to liaise with existing staff or associates, including an organisations specialist IT security professionals, together with software and hardware vendors and any others supplying computer security related services. They will then be in a position to compete their inspection of the evidence available and submit it for review by those responsible for prosecuting any applicable laws.
Typical job duties for the role of Forensic Expert could include a lead role in investigating data breaches and security incidents where alarms have already been raised. They will be tasked with the sometimes onerous task of recovering any pertinent data from electronic storage devices, which they can then examine.
They will be experienced in both the dismantling and rebuilding of impacted systems, and in the subsequent retrieval of incriminating data.
Armed with the collected information they would be responsible for compiling all available evidence in preparation for legal cases, or in handing over the collected data, for prosecution by legal experts or others as applicable.
They may be required to provide expert testimony in court to enable the successful prosecution of those that are responsible for cyber crime or unauthorised hacking attempts.
They will need to be skilled and proficient in the production of detailed and comprehensive reporting that others can easily follow.
More specific Forensic Expert responsibilities may include:
1) Initially, the Forensic Expert will need to gain a good understanding of an organisations IT Security, technology and Information Systems.
2) They will need to conduct a comprehensive data breach and security incident investigation, consulting with existing Data Security experts where applicable.
3) Data will likely need to be recovered from all implicated devices that have been identified, wherever they may be physically located.
4) The Forensics Expert will need to be proficient in the dismantling and rebuilding of any affected system or network, in order to retrieve potentially important data.
5) Collected evidence will need to be sorted and compiled ready for any potential legal case that may take place.
6) Technical reports will need to be written along with associated evidence and declarations that may be useful in court.
7) The Forensic Expert may need to aid and assist lawyers and other investigators in understanding the implications of their findings regarding the collected evidence.
8) Expert testimony as an expert witness may be required to be provided in a court of law.
9) Training of law enforcement officers regarding more complex cases involving cyber crime may be required.
10) You will need to be proficient in painstakingly reverse engineering the forensic evidence that you discover in order to find the root causes of any successful attacks and penetrations into the affected organisations IT and Data Security systems.
The job of Forensic Expert is usually a daytime role, working an average 40 hours per week. Short-term IT Forensic Experts, Contractors and Consultants may be paid a day rate where any additional work is chargeable.
What can you expect to earn as a Forensic Expert? The position of an IT Forensic Expert is an important role. Salaries will of course vary depending on your experience, qualifications, the organisation and sector plus whether you are employed on a full-time, short-term Contractor or Consultant basis.
According to Payscale* Salary expectations for the role of Forensic Engineer (their closest match to this role) range from $59,033 – $135,498 or £45,410 to £104,229 at a conversion rate of 1.3 for USD/GBP.
* Payscale – http://www.payscale.com/research/US/Job=Forensic_Engineer/Salary